4

As you see, I have a key with ID 12345689, and I'm trying to sign with it in git:

gpg -k
/home/lz/.gnupg/pubring.kbx
---------------------------
pub   rsa4096 2020-03-02 [C]
      12345689
uid           [ unknown] Person Person <me@person.com>
sub   rsa4096 2020-03-02 [S] [expires: 2024-03-01]
sub   rsa4096 2020-03-02 [E] [expires: 2024-03-01]
sub   rsa4096 2020-03-02 [A] [expires: 2024-03-01]

But git considers this key ID unusable:

gpg2 --status-fd=2 -bsau 12345689 1
[GNUPG:] KEY_CONSIDERED 12345689 1
gpg: skipped "12345689": Unusable secret key
[GNUPG:] INV_SGNR 9 12345689
[GNUPG:] FAILURE sign 54
gpg: signing failed: Unusable secret key

As I researched, it's because it contains [C], which is not for signing. I think I should use the subkey with [S], but how do I use it? I don't know how to get its ID. gpg -k does not show their IDs.

Rafaelo
  • 141
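
An added example, not part of the original post: the capability letters shown above ([C], [S], [E], [A]) also appear in gpg's machine-readable `--with-colons` listing, and this function reads that listing to print the ID and status of each subkey that can sign. The function names are hypothetical, the field positions are taken from GnuPG's doc/DETAILS, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: list subkeys that can sign, from `gpg --with-colons` output.
# Colon-format fields used (GnuPG doc/DETAILS): 1=record type, 2=validity,
# 5=key ID, 7=expiry (epoch seconds, empty = never), 12=capabilities,
# 15="#" on ssb records when only a stub of the secret key is present.

# Usage: gpg --list-secret-keys --with-colons | signing_subkeys [now_epoch]
signing_subkeys() {
    now="${1:-$(date +%s)}"
    awk -F: -v now="$now" '
        ($1 == "sub" || $1 == "ssb") && $12 ~ /s/ {
            status = "usable"
            if ($2 == "r") status = "revoked"
            else if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) status = "expired"
            else if ($1 == "ssb" && $15 == "#") status = "secret-part-missing"
            # Trailing "!" tells gpg to use exactly this subkey.
            printf "%s! %s\n", $5, status
        }'
}

# Constructed sample listing (key IDs and dates are made up):
# a certify-only primary key with sign, encrypt and authenticate subkeys.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1583107200:::u:::cC:::+:::23::0:
uid:u::::1583107200::0000000000000000000000000000000000000000::Person Person <me@person.com>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1583107200:1709251200:::::s:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1583107200:1709251200:::::e:::+:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1583107200:1709251200:::::a:::+:::23:
EOF
}
```

The printed ID, including the trailing `!`, is the value to give to `git config user.signingkey`. Any status other than `usable` is a reason for gpg to refuse to sign with that subkey.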

1 Answer

2

Adding an alternate answer that was not already here: For me, it was simply a matter of file permissions on the key. I do not know how the key's permissions got changed, but one day I could use it and the next day I could not. You can check the permissions using

ll ~/.ssh/

or wherever you store your keys. This produces output like:

-rw--r--r- 1 ec2-user ec2-user 5237 Dec 28 20:15 nick_git_signing.key

Git signing keys must have permissions 600 (-rw-------). Thus, you can fix the issue with:

sudo chmod 600 ~/.ssh/nick_git_signing.key